BitDefender has identified spam emails which claim to contain links to videos. When users try to watch the video, they are prompted to download a 'media player'.
The security firm said that the media player is in fact Backdoor.Edunet.A which uses compromised computers to send commands to a series of mail servers.
BitDefender said that the mail servers are used to spread spam, and are mostly in the .edu and .mil domains.
The list of servers is retrieved by the Trojan from a series of web servers which are either compromised or part of the attackers' own network. The list is continuously changing, but that of the targets has so far remained constant.
The Trojan sends the commands in the hope of finding an open relay, a mis-configured mail server that allows anyone to send emails.
This essentially makes it appear that any mail originating from the Trojan has been sent from the open relay.
BitDefender researchers have determined that, at least currently, none of the servers in the current target list is actually vulnerable.
"It is not every day that you stumble on the workings of an honest-to-God hacking ring, let alone one that has a predilection for using military and university-run mail servers as spam relays," said Sorin Dudea, head of antivirus Research at BitDefender.
"It would be interesting to identify what, if anything, the institutions that own the targeted servers have in common."
Hackers launch Trojan spam attack
By Robert Jaques on May 2, 2008 3:33PM